Overview

overview

7

Static

static

3

ImmunityDe...up.exe

windows7-x64

7

ImmunityDe...up.exe

windows10-2004-x64

7

immdbg plu...is.dll

windows7-x64

1

immdbg plu...is.dll

windows10-2004-x64

1

immdbg plu...rd.dll

windows7-x64

1

immdbg plu...rd.dll

windows10-2004-x64

1

immdbg plu...Ex.dll

windows7-x64

1

immdbg plu...Ex.dll

windows10-2004-x64

1

immdbg plu...an.dll

windows7-x64

1

immdbg plu...an.dll

windows10-2004-x64

1

immdbg plu...sm.dll

windows7-x64

3

immdbg plu...sm.dll

windows10-2004-x64

3

immdbg plu...OD.dll

windows7-x64

1

immdbg plu...OD.dll

windows10-2004-x64

1

immdbg plu...nt.dll

windows7-x64

1

immdbg plu...nt.dll

windows10-2004-x64

1

immdbg plu...pt.dll

windows7-x64

1

immdbg plu...pt.dll

windows10-2004-x64

1

immdbg plu...er.dll

windows7-x64

1

immdbg plu...er.dll

windows10-2004-x64

1

immdbg plu...mp.dll

windows7-x64

1

immdbg plu...mp.dll

windows10-2004-x64

1

immdbg plu...Om.dll

windows7-x64

1

immdbg plu...Om.dll

windows10-2004-x64

1

immdbg plu...ss.htm

windows7-x64

1

immdbg plu...ss.htm

windows10-2004-x64

1

immdbg plu...ef.dll

windows7-x64

1

immdbg plu...ef.dll

windows10-2004-x64

1

immdbg plu...ax.dll

windows7-x64

1

immdbg plu...ax.dll

windows10-2004-x64

1

immdbg scr...xep.py

ubuntu-18.04-amd64

1

immdbg scr...xep.py

debian-9-armhf

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    23fc1b592928e00c8b7550fefe5b59f7_JaffaCakes118

  • Size

    14.2MB

  • MD5

    23fc1b592928e00c8b7550fefe5b59f7

  • SHA1

    d9b5aca309191df95460d6a8150ceb589757f327

  • SHA256

    e99ea53bdde73afcab81cbc8bc15a6fcd4aa8653e71cb8618375942e2eef838c

  • SHA512

    6760f0200aa1a38603fe5945840cb6f704c9e0c953b2f621d279b889587285e2b92b2815d2bebe4a6ee48eea6179b6734efdf7108d3a26df92f3bd1558decce6

  • SSDEEP

    393216:GBidQIWCsxCWs+Gh0WU5hy6cHJfZeULpMgB:ddQIzqCB+Sd2yXfZFlMQ

Score
3/10

Malware Config

Signatures

  • Unsigned PE 15 IoCs

    Checks for missing Authenticode signature.

Files

  • 23fc1b592928e00c8b7550fefe5b59f7_JaffaCakes118
    .zip
  • ID_signkey_pub.asc
  • ImmunityDebugger_setup.exe
    .exe windows:4 windows x86 arch:x86

    18bc6fa81e19f21156316b1ae696ed6b


    Headers

    Imports

    Sections

  • ImmunityDebugger_setup.exe.sig
  • immdbg plugins/Analyze This v0.1/analyzethis.dll
    .dll windows:4 windows x86 arch:x86

    49545c86b429e23c33e31f57921ce8e2


    Headers

    Imports

    Exports

    Sections

  • immdbg plugins/Analyze This v0.1/readme.txt
  • immdbg plugins/Asm2clipboard v0.1/Asm2Clipboard.dll
    .dll windows:4 windows x86 arch:x86

    de62db2eb6fd47d4b01d3a4a57a0941d


    Headers

    Imports

    Exports

    Sections

  • immdbg plugins/Cleanup Ex v1.12.108/CleanupEx.dll
    .dll windows:4 windows x86 arch:x86

    51959a497ad7edaa5b645b23ebe316c8


    Headers

    Imports

    Exports

    Sections

  • immdbg plugins/Crypto Scanner 0.5b (Immunity)/ImmCScan.dll
    .dll windows:4 windows x86 arch:x86

    a5368278e1252e86ee218053b4488f17


    Headers

    Imports

    Exports

    Sections

  • immdbg plugins/Crypto Scanner 0.5b (Immunity)/Readme.txt
  • immdbg plugins/FullDisasm v1.71/FullDisasm.dll
    .dll windows:4 windows x86 arch:x86

    f36fb9e63423f29c7cddc7dbc68dfbd8


    Headers

    Imports

    Exports

    Sections

  • immdbg plugins/HideOD v0.17/HideOD.dll
    .dll windows:4 windows x86 arch:x86

    a1beea8492ef4aa06ca91256f470c20e


    Headers

    Imports

    Exports

    Sections

  • immdbg plugins/HideOD v0.17/ReadMe.txt
  • immdbg plugins/IsDebugPresent v1.4/IsDebugPresent.dll
    .dll windows:4 windows x86 arch:x86

    feb8458589fa2b34c639b1183bed7bbf


    Headers

    Imports

    Exports

    Sections

  • immdbg plugins/ODBGScript v1.65/ODbgScript.dll
    .dll windows:4 windows x86 arch:x86

    58f365f58b2227d12c30334a7588e05f


    Headers

    Imports

    Exports

    Sections

  • immdbg plugins/OllyDbg PE Dumper v3.03/PEDumper.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • immdbg plugins/OllyDbg PE Dumper v3.03/ReadMe.txt
  • immdbg plugins/OllyDump v3.00.110/OllyDump.dll
    .dll windows:4 windows x86 arch:x86

    7f5cf8d34bbc4e2676e63718dd7fab83


    Headers

    Imports

    Exports

    Sections

  • immdbg plugins/OllyDump v3.00.110/ollydump300110_src.zip
    .zip
  • Makefile
  • OllyDump.c
  • OllyDump.rc
  • RebuildImport.c
  • rebIT.c
  • rebIT.tXt
  • resource.h
  • immdbg plugins/PhantOm Plugin v1.20/PhantOm.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • immdbg plugins/PhantOm Plugin v1.20/Readme.txt
  • immdbg plugins/PhantOm Plugin v1.20/Tutorial/Bypass.htm
  • immdbg plugins/PhantOm Plugin v1.20/Tutorial/Bypass.swf
  • immdbg plugins/Ultra String Reference v0.12/ustrref.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • immdbg plugins/Windows Maximizer v1.0/WinMax.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • immdbg scripts/!bpxep PyCommand v1.01/ReadMe.txt
  • immdbg scripts/!bpxep PyCommand v1.01/bpxep.py
    .py .sh linux
  • immdbg scripts/!getrpc PyCommand v0.1/getrpc.py
    .py .sh linux
  • immdbg scripts/!getrpc PyCommand v0.1/readme.txt
  • immdbg scripts/!hidedebug PyCommand v1.0/CheckDebug.EXE
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • immdbg scripts/!hidedebug PyCommand v1.0/hidedebug.py
    .py .sh linux
  • immdbg scripts/!itunes7_antiantidebug PyCommand v0.1/itunes7_antiantidebug.py
    .py .sh linux
  • immdbg scripts/!itunes7_universal_antiantidebug PyCommand v0.1/itunes7_universal_antiantidebug.py
    .py .sh linux
  • immdbg scripts/!loadmap PyCommand 1.3/loadmap.py
  • immdbg scripts/!loadmap PyCommand 1.3/readme.txt
  • immdbg scripts/!packets PyCommand v0.1/packets.py
  • immdbg scripts/!packets PyCommand v0.1/readme.txt
  • immdbg scripts/!patch IsDebuggerPresent v0.1/patch.py
    .py .sh linux
  • immdbg scripts/!patch IsDebuggerPresent v0.1/readme.txt
  • immdbg scripts/!scanpe PyCommand v1.0/ReadMe.txt
  • immdbg scripts/!scanpe PyCommand v1.0/scanpe.py
    .py .sh linux
  • immdbg scripts/!search PyCommand v0.1/search.py
    .py .sh linux
  • immdbg scripts/!sqlhooker PyCommand v0.1/readme.txt
    .vbs
  • immdbg scripts/!sqlhooker PyCommand v0.1/sql_listener.py
    .py .sh linux
  • immdbg scripts/!sqlhooker PyCommand v0.1/sqlhooker.py
    .py .vbs
  • immdbg scripts/!tickcount PyCommand v0.1/tickcount.py
  • immdbg scripts/!unmidl PyCommand v0.1/ID-unmidl.zip
    .zip
  • Libs/midlconst.py
  • Libs/midlutil.py
    .py .sh linux
  • PyCommands/unmidl.py
    .py .sh linux
  • immdbg scripts/!unmidl PyCommand v0.1/readme.txt
  • immdbg scripts/ASProtect 2.xx Deobfuscation Script v1.1/ASProtect 2.xx Deobfuscation Script v1.1.py
  • immdbg scripts/ASProtect 2.xx Deobfuscation Script v1.1/readme.txt
  • immdbg scripts/ASProtect 2.xx Deobfuscation Script/ASProtect 2.xx Deobfuscation Script.py
  • immdbg scripts/ASProtect 2.xx Deobfuscation Script/readme.txt